CN101765845B - System and method for digital content distribution - Google Patents
System and method for digital content distribution Download PDFInfo
- Publication number
- CN101765845B CN101765845B CN200880100934.5A CN200880100934A CN101765845B CN 101765845 B CN101765845 B CN 101765845B CN 200880100934 A CN200880100934 A CN 200880100934A CN 101765845 B CN101765845 B CN 101765845B
- Authority
- CN
- China
- Prior art keywords
- storage device
- key
- server
- digital content
- content
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000004891 communication Methods 0.000 claims abstract description 27
- 238000012545 processing Methods 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 230000003044 adaptive effect Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 238000013478 data encryption standard Methods 0.000 description 2
- 230000003278 mimic effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
提供一种将数字内容从服务器转移到存储设备的方法和系统。该方法包括:使用第一密钥加密该内容,其中,该服务器加密该内容;使用随机会话密钥在服务器和存储设备之间建立安全通信通道;经由安全通信通道向存储设备发送第一密钥;用第一密钥替代随机会话密钥;在用第一密钥替代随机会话密钥之后向存储设备发送加密的内容;使用第一密钥解密该加密的内容,其中,该存储设备解密该加密的内容;使用由该存储设备生成的第二密钥来重新加密被解密的内容;以及在存储设备处存储重新加密的内容。
A method and system for transferring digital content from a server to a storage device is provided. The method includes: encrypting the content using a first key, wherein the server encrypts the content; establishing a secure communication channel between the server and the storage device using a random session key; sending the first key to the storage device via the secure communication channel ; replacing the random session key with the first key; sending the encrypted content to the storage device after replacing the random session key with the first key; decrypting the encrypted content using the first key, wherein the storage device decrypts the encrypting the content; re-encrypting the decrypted content using a second key generated by the storage device; and storing the re-encrypted content at the storage device.
Description
技术领域 technical field
本发明涉及数字内容的分发(distribution)。 The present invention relates to distribution of digital content.
背景技术 Background technique
在当今的计算环境中普遍使用数字内容。数字内容可以存储在存储设备(也称为存储系统),或经由诸如因特网、对等(peer-to-peer)软件、电子邮件等的电通信而分发。因特网和其他通信网络现今使得各种数字应用和系统(可称为主机系统)相互连接且容易地交换数字内容。主机系统可以包括、但不限于个人计算机、膝上计算机、桌上计算机、个人数字助理(PDA)、移动电话、MP3播放器、DVD播放器、游戏控制台、诸如数字摄像机的数字记录设备以及其它。 Digital content is pervasively used in today's computing environment. Digital content may be stored on storage devices (also referred to as storage systems), or distributed via electronic communications such as the Internet, peer-to-peer software, email, and the like. The Internet and other communication networks today enable various digital applications and systems (which may be referred to as host systems) to interconnect and exchange digital content with ease. Host systems may include, but are not limited to, personal computers, laptop computers, desktop computers, personal digital assistants (PDAs), mobile phones, MP3 players, DVD players, game consoles, digital recording devices such as digital video cameras, and other .
数字内容通常被存储为电子文件。数字内容文件通常包括可以被终端用户使用适当的应用或设备来浏览、收听、读取、播放、执行或者使用的数据。数字内容文件可以包括音频文件、视频文件、多媒体内容文件、软件文件、电子书、文档、计算机游戏、数据库、应用或任何其他类型的数字内容。存在用于存储数字内容的不同文件格式。例如,可以使用MP3、Wav、RealAudio和其他文件格式来存储音频文件,而可以使用MP4、 、RealVideo和其他格式用于存储音频和视频两种文件。 Digital content is typically stored as electronic files. Digital content files generally include data that can be browsed, listened to, read, played, executed, or used by an end user using an appropriate application or device. Digital content files may include audio files, video files, multimedia content files, software files, electronic books, documents, computer games, databases, applications, or any other type of digital content. Different file formats exist for storing digital content. For example, audio files can be stored using MP3, Wav, RealAudio, and other file formats, while MP4, , RealVideo, and other formats are used to store both audio and video files.
可以使用数字权限管理(DRM)来保护数字内容的使用。DRM允许人们通过将具体许可与内容相关联来限制对数字内容的访问。在没有从版权所有者接收适当的许可的情况下可以禁止用户复制、分发、修改、销售或表演(perform)有版权的数字内容文件。例如,相对于音频文件,许可证对象可以仅授予付费用户许可以播放该文件,而不同类型的许可证对象可以授予另外的许可来复制文件并分发文件。不同的DRM标准可以用于不同的内容类型和格式,且可以提供不同的方法来分发数字内容和相关的许可。 Use of digital content may be protected using digital rights management (DRM). DRM allows people to restrict access to digital content by associating specific permissions with the content. Users may be prohibited from copying, distributing, modifying, selling or performing copyrighted digital content files without receiving appropriate permission from the copyright owner. For example, with respect to an audio file, a license object may grant only paying users permission to play the file, while a different type of license object may grant additional permissions to copy the file and distribute the file. Different DRM standards may be used for different content types and formats, and may provide different methods for distributing digital content and related licenses.
数字内容对版权所有者、内容提供者等来说具有商业价值。保护数字内容分发是一个挑战,因为现代的网络有利于数字内容的大量分发。 Digital content has commercial value to copyright owners, content providers, and the like. Securing digital content distribution is a challenge because modern networks facilitate the mass distribution of digital content.
发明内容 Contents of the invention
用于保护数字内容的本系统和方法的各种实施例具有若干特征,其中没有单个特征仅对它们期望的属性负责。在不限制由以下的权利要求所表述的本实施例的范围的情况下,将简短地讨论其更显著的特征。在考虑了该讨论之后,且具体地在阅读了题为“具体实施方式”的部分之后,人们将理解本实施例的特征如何提供优点,其包括更有效和增加的安全性。 Various embodiments of the present system and method for protecting digital content have several features, no single one of which is solely responsible for their desirable attributes. Without limiting the scope of the present embodiment as expressed by the following claims, its more salient features will be briefly discussed. After considering this discussion, and particularly after reading the section entitled "Detailed Description" one will understand how the features of this embodiment provide advantages, including more efficiency and increased safety.
在一个实施例中,用于保护数字内容的本系统和方法包括如下认识:使得内容服务器对多个存储设备加密内容多次是很麻烦且低效率的。如果存储设备进行加密和解密内容的任务,则可以实现更有效和安全性。 In one embodiment, the present system and method for protecting digital content includes the recognition that it is cumbersome and inefficient to have a content server encrypt content multiple times for multiple storage devices. More efficiency and security can be achieved if the storage device performs the task of encrypting and decrypting content.
根据上述现实,用于保护数字内容的本系统和方法的一个实施例包括一种将数字内容从服务器转移到存储设备的方法。根据该方法,服务器使用第一密钥加密该内容。使用随机会话密钥在服务器和存储设备之间建立安全通信通道。服务器经由安全通信通道向存储设备发送第一密钥。服务器和存储设备用第一密钥替代随机会话密钥。服务器经由安全通信通道向存储设备发送加密的内容。存储设备使用第一密钥解密该加密的内容,且使用第二密钥来加密该内容。在存储设备上存储该内容。 In light of the above realities, one embodiment of the present system and method for protecting digital content includes a method of transferring digital content from a server to a storage device. According to the method, the server encrypts the content using a first key. A secure communication channel is established between the server and the storage device using a random session key. The server sends the first key to the storage device via a secure communication channel. The server and the storage device replace the random session key with the first key. The server sends encrypted content to the storage device via a secure communication channel. The storage device decrypts the encrypted content using the first key and encrypts the content using the second key. Store the content on a storage device.
用于保护数字内容的本系统和方法的另一个实施例包括一种将数字内容从服务器转移到存储设备的方法。根据该方法,服务器使用第一密钥加密该内容。使用随机会话密钥在服务器和存储设备之间建立安全通信通道。服务器经由安全通信通道向存储设备发送第一密钥。在服务器和存储设备之间建立开放通信通道。服务器经由开放通信通道向存储设备发送加密的内容。存储设备使用第一密钥解密该加密的内容,且使用第二密钥来加密该内容。在存储设备上存储该内容。 Another embodiment of the present system and method for protecting digital content includes a method of transferring digital content from a server to a storage device. According to the method, the server encrypts the content using a first key. A secure communication channel is established between the server and the storage device using a random session key. The server sends the first key to the storage device via a secure communication channel. Establish an open communication channel between the server and the storage device. The server sends encrypted content to the storage device via an open communication channel. The storage device decrypts the encrypted content using the first key and encrypts the content using the second key. Store the content on a storage device.
在另一实施例中,提供一种用于转移数字内容的系统。该系统包括:服务器,具有对所述内容的存取;以及存储设备,可以存储所述内容;其中,所述服务器使用第一密钥加密该内容;使用随机会话密钥在服务器和存储设备之间建立安全通信通道;经由安全通信通道向存储设备发送第一密钥;用第一密钥替代随机会话密钥;在用第一密钥替代随机会话密钥之后向存储设备发送加密的内容;以及,用于该存储设备的密码引擎使用第一密钥解密该加密的内容且使用由该存储设备生成的第二密钥来重新加密被解密的内容; 以及在存储设备处存储重新加密的内容。 In another embodiment, a system for transferring digital content is provided. The system includes: a server having access to the content; and a storage device capable of storing the content; wherein the server encrypts the content using a first key; and a random session key is used between the server and the storage device Establish a secure communication channel between; send the first key to the storage device via the secure communication channel; replace the random session key with the first key; send encrypted content to the storage device after replacing the random session key with the first key; And, a cryptographic engine for the storage device decrypts the encrypted content using a first key and re-encrypts the decrypted content using a second key generated by the storage device; and storing the re-encrypted content at the storage device .
在另一实施例中,提供一种用于转移数字内容的系统。该系统包括:服务器,具有对所述内容的存取;以及存储设备,可以存储所述内容;其中,所述服务器使用第一密钥加密该内容;使用随机会话密钥在服务器和存储设备之间建立安全通信通道;经由安全通信通道向存储设备发送第一密钥;经由开放通道向存储设备发送加密的内容;以及,用于该存储设备的密码引擎使用第一密钥解密该加密的内容且使用由该存储设备生成的第二密钥来重新加密被解密的内容;以及在存储设备处存储重新加密的内容。 In another embodiment, a system for transferring digital content is provided. The system includes: a server having access to the content; and a storage device capable of storing the content; wherein the server encrypts the content using a first key; and a random session key is used between the server and the storage device establish a secure communication channel between them; send the first key to the storage device via the secure communication channel; send the encrypted content to the storage device via an open channel; and the cryptographic engine for the storage device decrypts the encrypted content using the first key And re-encrypting the decrypted content using the second key generated by the storage device; and storing the re-encrypted content at the storage device.
在另一实施例中,提供一种用于安全地存储数字内容的存储设备。该存储设备包括:密码引擎,解密和加密该内容;其中,所述服务器使用第一密钥加密该内容;使用随机会话密钥在服务器和存储设备之间建立安全通信通道;经由安全通信通道向存储设备发送第一密钥;用第一密钥替代随机会话密钥;在用第一密钥替代随机会话密钥之后向存储设备发送加密的内容;以及,所述密码引擎使用第一密钥解密该加密的内容且使用由该存储设备生成的第二密钥来重新加密被解密的内容;以及存储设备存储重新加密的内容。 In another embodiment, a storage device for securely storing digital content is provided. The storage device includes: a cryptographic engine for decrypting and encrypting the content; wherein, the server encrypts the content using a first key; a secure communication channel is established between the server and the storage device using a random session key; the storage device sends the first key; replaces the random session key with the first key; sends encrypted content to the storage device after replacing the random session key with the first key; and, the cryptographic engine uses the first key decrypting the encrypted content and re-encrypting the decrypted content using a second key generated by the storage device; and the storage device storing the re-encrypted content.
在另一实施例中,提供一种用于安全地存储数字内容的存储设备。该存储设备包括:密码引擎,加密和解密该内容;其中,所述服务器使用第一密钥加密该内容;使用随机会话密钥在服务器和存储设备之间建立安全通信通道;经由安全通信通道向存储设备发送第一密钥;经由开放通道向存储设备发送加密的内容;以及,所述密码引擎使用第一密钥解密该加密的内容且使用由该存储设备生成的第二密钥来重新加密被解密的内容;以及在存储设备处存储重新加密的内容。 In another embodiment, a storage device for securely storing digital content is provided. The storage device includes: a cryptographic engine for encrypting and decrypting the content; wherein, the server encrypts the content using a first key; uses a random session key to establish a secure communication channel between the server and the storage device; the storage device sends a first key; sends encrypted content to the storage device via an open channel; and, the cryptographic engine decrypts the encrypted content using the first key and re-encrypts using a second key generated by the storage device the decrypted content; and storing the re-encrypted content at the storage device.
已经提供了简短的概要以便可以快速地理解本描述的特征。可以通过结合附图参考各个实施例的以下详细描述来获得对本描述的更完整的理解。 A brief summary has been provided so that the features of this description can be quickly understood. A more complete understanding of this description can be gained by referring to the following detailed description of various embodiments in conjunction with the accompanying drawings.
附图说明 Description of drawings
现在将详细讨论用于保护数字内容的本系统和方法的优选实施例,同时强调突出优势特征。这些实施例描述了附图中所示的新颖性和创造性的系统和方法,这些附图仅用于图示目的。这些附图包括以下图,其中,相同的数字指示相同的部件: Preferred embodiments of the present system and method for protecting digital content will now be discussed in detail, emphasizing the salient advantageous features. These embodiments describe novel and inventive systems and methods that are shown in the drawings, which are used for illustration purposes only. These drawings include the following figures, wherein like numbers indicate like parts:
图1是用于保护数字内容的现有系统的示意方块图; Figure 1 is a schematic block diagram of an existing system for protecting digital content;
图2A是用于保护数字内容的本系统和方法的一个实施例的示意方块图; Figure 2A is a schematic block diagram of one embodiment of the present systems and methods for protecting digital content;
图2B是控制器的方块图; Fig. 2B is the block diagram of controller;
图3是图示用于保护数字内容的本方法的一个实施例的流程图;以及 Figure 3 is a flowchart illustrating one embodiment of the present method for protecting digital content; and
图4是图示用于保护数字内容的本方法的另一实施例的流程图。 Figure 4 is a flowchart illustrating another embodiment of the present method for protecting digital content.
具体实施方式 Detailed ways
为了便于理解各种实施例,首先将描述用于分发数字内容的系统的一般架构和操作。然后将参考该一般架构来描述具体架构和操作。 To facilitate understanding of various embodiments, the general architecture and operation of a system for distributing digital content will first be described. The specific architecture and operations will then be described with reference to this general architecture.
如在本公开中使用的,术语“模块”、“系统”、“组件”等意图指的是计算机相关的实体、硬件、或硬件和软件的结合、软件、或执行中的软件。例如,模块可以是、但不限于在处理器上运行的处理、处理器、在硬件、软件或其组合中实现的状态机、对象、可执行文件、执行线程、程序、和/或计算系统。根据所要求保护的主题,计算机可执行组件/模块可以被存储在例如计算机可读介质上,所述计算机可读介质包括、但不限于ASIC(专用集成电路)、CD(光盘)、DVD(数字视频盘)、ROM(只读存储器)、软盘、硬盘、EEPROM(电可擦除可编程只读存储器)和记忆棒。 As used in this disclosure, the terms "module," "system," "component," etc., are intended to refer to a computer-related entity, hardware, or a combination of hardware and software, software, or software in execution. For example, a module may be, but is not limited to being, a process running on a processor, a processor, a state machine implemented in hardware, software, or a combination thereof, an object, an executable, a thread of execution, a program, and/or a computing system. In accordance with the claimed subject matter, computer-executable components/modules may be stored on, for example, computer-readable media including, but not limited to, ASIC (Application-Specific Integrated Circuit), CD (Compact Disc), DVD (Digital Video Disc), ROM (Read Only Memory), Floppy Disk, Hard Disk, EEPROM (Electrically Erasable Programmable Read Only Memory), and Memory Stick.
图1图示了用于保护在存储设备中的内容的系统100的例子。系统100包括存储数字内容104(可以被称为内容104)的服务器102。内容104可以被本地地存储在服务器102或经由网络连接(未示出)可被服务器102访问。服务器102经由安全通道110与计算系统(可称为“主机系统”)108通信。与主机系统108通信的服务器102通常生成会话密钥(未示出)。被耦接到主机108、可由主机108访问、或被集成在主机108中的存储设备(SD)114存储内容104。 Figure 1 illustrates an example of a system 100 for protecting content in a storage device. System 100 includes server 102 that stores digital content 104 (which may be referred to as content 104). Content 104 may be stored locally at server 102 or accessible to server 102 via a network connection (not shown). Server 102 communicates with computing system (which may be referred to as a “host system”) 108 via secure channel 110 . Server 102 in communication with host system 108 typically generates a session key (not shown). A storage device (SD) 114 coupled to, accessible by, or integrated in host 108 stores content 104 .
为了以安全的方式将内容104转移到SD 114,服务器102典型地使用服务器生成的加密密钥106来加密内容104。然后,服务器102使用安全通道110向SD 114发送加密密钥106和加密的内容。不幸的是,在传统系统中,无论何时转移内容104时,都使用不同的密钥106来加密内容104。加密密钥106的属性和类型可以取决于SD 114的类型而不同。因此,当服务器102向多个SD转移内容104时,服务器102可以不同地加密内容以适应不同的SD的需要。这对数字内容的商业分发来说是不必要的负担。在此描述的适应性实施例减轻该负担。 To transfer the content 104 to the SD 114 in a secure manner, the server 102 typically encrypts the content 104 using a server-generated encryption key 106. Server 102 then sends encryption key 106 and the encrypted content to SD 114 using secure channel 110. Unfortunately, in conventional systems, a different key 106 is used to encrypt content 104 whenever content 104 is transferred. The properties and type of encryption key 106 may vary depending on the type of SD 114. Therefore, when the server 102 transfers the content 104 to multiple SDs, the server 102 can encrypt the content differently to suit the needs of the different SDs. This is an unnecessary burden on commercial distribution of digital content. Adaptive embodiments described herein alleviate this burden.
图2A图示了用于安全地转移数字内容的本系统200的一个实施例的简化方块图。该系统200包括存储加密的内容204的服务器202。服务器202使用加密密钥206来加密内容204。服务器202不同每次在其必须与不同类型的存储设备通信时加密内容,如以下描述。 Figure 2A illustrates a simplified block diagram of one embodiment of the present system 200 for securely transferring digital content. The system 200 includes a server 202 that stores encrypted content 204 . Server 202 encrypts content 204 using encryption key 206 . Server 202 does not encrypt content each time it must communicate with a different type of storage device, as described below.
服务器202经由安全的通道210与主机系统208通信。安全的通道210通过使用随机会话密钥有助于安全通信。随机会话密钥可以基于由服务器202和主机系统208两者生成的随机数。可以通过使用专用硬件、软件或其组合来生成随机数。 Server 202 communicates with host system 208 via secure channel 210 . Secure Tunnel 210 facilitates secure communications by using random session keys. The random session key may be based on random numbers generated by both server 202 and host system 208 . Random numbers can be generated through the use of dedicated hardware, software, or a combination thereof.
在某些实施例中,服务器202可以经由开放的通道212与主机系统208通信。开放的通道212是未保护的,且典型地快于安全的通道210。 In some embodiments, server 202 may communicate with host system 208 via open channel 212 . Open channels 212 are unsecured and typically faster than secured channels 210 .
在包括安全的通道210和开放的通道212两者的实施例中,安全通道210和开放通道212可能能够同时在服务器202和主机系统208/SD 214之间转移数据。或者,安全通道210和开放通道212可以不同时操作。 In embodiments that include both the secure channel 210 and the open channel 212, the secure channel 210 and the open channel 212 may be capable of transferring data between the server 202 and the host system 208/SD 214 at the same time. Alternatively, secure channel 210 and open channel 212 may not operate simultaneously.
在一个实施例中,服务器202使用随机会话密钥来建立安全通道210。 In one embodiment, server 202 establishes secure channel 210 using a random session key.
主机系统208(以及服务器202)典型地包括各种功能组件。这些组件可以包括处理器(还可以称为中央处理单元(CPU))、内存、I/O设备和其他。内存经由系统总线或本地存储器总线而耦接到CPU。内存被用于在执行时提供对数据和程序信息的CPU存取。典型地,内存由随机存取存储器(RAM)电路构成。具有CPU和内存的计算机系统通常被称为主机系统。在此使用的术语主机系统包括个人计算机(PC)、膝上和其他便携式计算机、蜂窝电话、个人数字助理(PDA)、数字静态照相机、数字电影摄像机、便携式音频播放器等。 Host system 208 (as well as server 202) typically includes various functional components. These components may include processors (also referred to as central processing units (CPUs)), memory, I/O devices, and others. The memory is coupled to the CPU via a system bus or a local memory bus. Memory is used to provide CPU access to data and program information at execution time. Typically, memory consists of random access memory (RAM) circuits. A computer system with a CPU and memory is often referred to as a host system. The term host system as used herein includes personal computers (PCs), laptop and other portable computers, cellular telephones, personal digital assistants (PDAs), digital still cameras, digital movie cameras, portable audio players, and the like.
SD 214包括控制器215和密码引擎220。控制器215控制SD 214的整个操作,并经由主机接口215D(图2B)与主机208接口。密码引擎(或模块)220加密和解密内容,并包括加密模块220A和解密模块220B。加密和解密可以基于任何加密/解密技术,例如AES(先进的加密标准)、DES(数据加密标准)、3DES以及其它。在此公开的适应性实施例不基于任何具体类型的加密/解密技术。 SD 214 includes a controller 215 and a cryptographic engine 220. Controller 215 controls the overall operation of SD 214 and interfaces with host 208 via host interface 215D (FIG. 2B). The cryptographic engine (or module) 220 encrypts and decrypts content, and includes an encryption module 220A and a decryption module 220B. Encryption and decryption can be based on any encryption/decryption technique such as AES (Advanced Encryption Standard), DES (Data Encryption Standard), 3DES and others. The adaptive embodiments disclosed herein are not based on any particular type of encryption/decryption technique.
服务器202使用随机会话密钥在随机会话中,经由安全通道210向SD 214发送加密密钥206。随机会话密钥保证加密密钥206的安全转移,该加密密钥被用于解密所加密的内容204。在转移了加密密钥206之后,随机会话密钥被加密密钥206替代,然后所加密的内容204被转移到SD 214。解密模块220B使用密钥206解密所加密的内容204。然后,加密模块220A基于SD生成的加密密钥222来加密所解密的内容。 Server 202 sends encryption key 206 to SD 214 via secure channel 210 in a random session using the random session key. The random session key ensures secure transfer of the encryption key 206 which is used to decrypt the encrypted content 204 . After the encryption key 206 is transferred, the random session key is replaced by the encryption key 206, and then the encrypted content 204 is transferred to the SD 214. Decryption module 220B decrypts encrypted content 204 using key 206 . Then, the encryption module 220A encrypts the decrypted content based on the SD-generated encryption key 222 .
SD 214可以是任何类型的存储设备,例如,非易失性存储器存储设备、硬盘或任何其他类型的存储设备。在一个实施例中,SD 214是具有固态存储器模块(或单元)的可移除的、非易失性存储器器件(包括闪存卡)。当前优选的是用于存储器单元阵列的NAND架构,虽然还可以使用其他架构、诸如NOR来替代。 SD 214 may be any type of storage device, such as a non-volatile memory storage device, a hard disk, or any other type of storage device. In one embodiment, SD 214 is a removable, non-volatile memory device (including a flash memory card) with a solid-state memory module (or unit). Currently preferred is the NAND architecture for the memory cell array, although other architectures, such as NOR, could be used instead.
当前存在商业可得的许多不同的非易失性存储卡,例子是紧致闪存(CF)、多媒体卡(MMC)、安全数字(SD)、迷你SD、记忆棒、智能媒体(SmartMedia)和TransFlash卡。虽然这些卡的每个都具有根据其标准规范(例如,基于通用串行总线(USB)规范的接口、在此通过引用其全部合并于此)而具有唯一的机械和/或电接口,但是在每个中包括的闪存非常相似。这些卡都可从本申请的受让人、SanDisk公司获得。 There are currently many different non-volatile memory cards commercially available, examples being Compact Flash (CF), Multimedia Card (MMC), Secure Digital (SD), Mini SD, Memory Stick, SmartMedia and TransFlash Card. While each of these cards has a unique mechanical and/or electrical interface according to its standard specification (e.g., an interface based on the Universal Serial Bus (USB) specification, which is hereby incorporated by reference in its entirety), in The flash memory included in each is very similar. These cards are available from SanDisk Corporation, the assignee of this application.
SanDisk还提供在其Cruzer商标下的闪存盘的产品线,该Cruzer商标下的闪存盘是具有用于通过插入主机的USB插座(未示出)而连接主机的通用串行总线(USB)插头的小包装的手持存储器系统。这些存储卡和闪存盘的每个包括与主机接口且控制在其中的闪存的操作的控制器。该主机典型地包括用于一种或多种类型的存储卡或闪存盘的内置插座,但是一些主机可以使用向其插入存储卡的适配器。 SanDisk also offers a line of flash drives under its Cruzer trademark that have a Universal Serial Bus (USB) plug for connecting to a host computer by plugging into the host's USB receptacle (not shown). Handheld memory system in a small package. Each of these memory cards and flash drives includes a controller that interfaces with a host and controls the operation of the flash memory therein. The host typically includes built-in sockets for one or more types of memory cards or flash drives, although some hosts may use adapters into which memory cards are inserted.
在图示的实施例中,SD 214还包括一般存储模块(或段(segment))216和安全存储模块(或段)218。在某些方法中,SD 214可以在一般存储模块216中存储加密的内容204(如用服务器生成的加密密钥206加密),并在安全存储模块218中存储服务器生成的加密密钥206。 In the illustrated embodiment, SD 214 also includes a general storage module (or segment) 216 and a secure storage module (or segment) 218. In some approaches, SD 214 may store encrypted content 204 (e.g., encrypted with server-generated encryption key 206) in general storage module 216 and store server-generated encryption key 206 in secure storage module 218.
在一个实施例中,SD 214对主机系统208来说看起来是存储空间的多个逻辑单元(LUN),且每个LUN可以看起来是不同类型的存储设备。例如,SD 214可以看起来是具有标准大容量存储类(Mass Storage Class)卷和MMC类卷两者,该标准大容量存储类卷模仿SCSI硬盘驱动的特性,且MMC类卷模仿CD-ROM的特性。安全存储段218是隐藏区域,对其的访问基于适当的认证。 In one embodiment, SD 214 appears to host system 208 as multiple logical units (LUNs) of storage space, and each LUN may appear to be a different type of storage device. For example, SD 214 may appear to have both standard Mass Storage Class (Mass Storage Class) volumes that mimic the characteristics of SCSI hard drives, and MMC Class volumes that mimic those of CD-ROMs. characteristic. Secure storage 218 is a hidden area, access to which is based on proper authentication.
图2B示出了控制器模块215的架构的方块图。控制器模块215包括经由 接口逻辑215A与各种其他组件接口的微控制器215B。存储器215C存储被微控制器215B用来控制SD 214的操作的固件和软件指令。存储器215C可以是易失性可再编程随机存取存储器(“RAM”)、不可再编程的非易失性存储器(“ROM”)、可一次编程存储器或可再编程闪速电可擦除可编程只读存储器(“EEPROM”)。主机接口215D与主机系统208接口,而存储器接口215E与存储器模块(未示出)接口。 FIG. 2B shows a block diagram of the architecture of the controller module 215 . The controller module 215 includes a microcontroller 215B that interfaces with various other components via interface logic 215A. Memory 215C stores firmware and software instructions used by microcontroller 215B to control the operation of SD 214. Memory 215C may be volatile reprogrammable random access memory (“RAM”), non-volatile reprogrammable memory (“ROM”), one-time programmable memory, or reprogrammable flash electrically erasable Programs read-only memory ("EEPROM"). The host interface 215D interfaces with the host system 208 and the memory interface 215E interfaces with a memory module (not shown).
在用于转移数字内容的方法的一个实施例中,服务器202使用服务器生成的加密密钥206来加密内容204,如图3中步骤S300所示。在步骤S302使用随机会话密钥在服务器202和SD 214之间建立安全通道210。服务器202经由安全通道210向SD 214发送服务器生成的加密密钥206,如步骤S304所示。服务器202和存储设备214在步骤S306用服务器生成的加密密钥206来替代随机会话密钥。服务器202经由安全通道210发送加密的内容204,如步骤S308所示。 In one embodiment of the method for transferring digital content, the server 202 encrypts the content 204 using the encryption key 206 generated by the server, as shown in step S300 in FIG. 3 . In step S302, a secure channel 210 is established between the server 202 and the SD 214 using a random session key. The server 202 sends the encryption key 206 generated by the server to the SD 214 via the secure channel 210, as shown in step S304. The server 202 and the storage device 214 replace the random session key with the server-generated encryption key 206 at step S306. The server 202 sends the encrypted content 204 via the secure channel 210, as shown in step S308.
密码引擎220使用服务器生成的加密密钥206来解密服务器加密的内容204,如图3中步骤S310所示。在步骤S312,密码引擎220则使用SD生成的加密密钥222来重新加密该内容,然后,在步骤S314该内容被存储作为SD加密的内容224。SD加密的内容224可以被存储在一般存储模块216中,而SD生成的加密密钥222可以被存储在安全存储模块218中。 The encryption engine 220 uses the encryption key 206 generated by the server to decrypt the content 204 encrypted by the server, as shown in step S310 in FIG. 3 . At step S312, the cryptographic engine 220 then re-encrypts the content using the SD-generated encryption key 222, and then the content is stored as SD-encrypted content 224 at step S314. SD encrypted content 224 may be stored in general storage module 216 , while SD generated encryption key 222 may be stored in secure storage module 218 .
图4图示了用于转移数字内容的替换方法。该服务器202使用服务器生成的加密密钥206来加密该内容204,如图4中的步骤S400所示。在步骤S402使用随机会话密钥在服务器202和SD 214之间建立安全通道210。服务器202经由安全通道210向SD 214发送服务器生成的加密密钥206,如步骤S404所示。然后,在步骤S406服务器202和存储设备214建立开放通道212。服务器经由该开放通道212发送加密的内容204,如步骤S408所示。密码引擎220使用服务器生成的加密密钥206来解密该服务器加密的内容204,如图4中步骤S410所示。在步骤S412,密码引擎220则使用SD生成的加密密钥222来重新加密该内容,在步骤S414,该内容被存储作为SD加密的内容224。 Figure 4 illustrates an alternative method for transferring digital content. The server 202 encrypts the content 204 using the encryption key 206 generated by the server, as shown in step S400 in FIG. 4 . In step S402, a secure channel 210 is established between the server 202 and the SD 214 using a random session key. The server 202 sends the encryption key 206 generated by the server to the SD 214 via the secure channel 210, as shown in step S404. Then, at step S406 the server 202 and the storage device 214 establish an open channel 212 . The server sends the encrypted content 204 via the open channel 212, as shown in step S408. The encryption engine 220 uses the encryption key 206 generated by the server to decrypt the content 204 encrypted by the server, as shown in step S410 in FIG. 4 . At step S412, the cryptographic engine 220 then re-encrypts the content using the SD-generated encryption key 222, and at step S414, the content is stored as SD-encrypted content 224.
在上述系统200和方法中,服务器202有利地地仅加密内容204一次,且可以根据服务器202选择的任何加密机制来加密该内容204。然后,该内容204由SD 214使用服务器生成的加密密钥206来解密,由SD 214使用SD生成的加密密钥222来重新加密,并被存储在SD 214中作为SD加密的内容 224。该SD 214可以根据其自己的加密机制来加密该内容224,从而服务器202从该任务中解脱。因此,本系统200比现有系统更有效,在现有系统中,服务器负担根据多个加密机制加密多个内容包的任务。另外,使用仅SD 214已知的SD生成的加密密钥222来加密SD加密的内容224。因此,该内容224非常安全。 In the systems 200 and methods described above, the server 202 advantageously only encrypts the content 204 once, and may encrypt the content 204 according to any encryption mechanism the server 202 chooses. This content 204 is then decrypted by the SD 214 using the server-generated encryption key 206, re-encrypted by the SD 214 using the SD-generated encryption key 222, and stored in the SD 214 as SD-encrypted content 224. The SD 214 can encrypt the content 224 according to its own encryption mechanism, so that the server 202 is relieved from this task. Thus, the present system 200 is more efficient than existing systems in which a server is burdened with encrypting multiple content packages according to multiple encryption mechanisms. Additionally, the SD-encrypted content 224 is encrypted using an SD-generated encryption key 222 known only to the SD 214. Therefore, the content 224 is very secure.
上述描述以使得所属的本领域技术人员能够制造该系统和使用这些方法的充分、清楚、简洁和精确的术语,呈现了被构思来实施用于保护数字内容的本系统和方法以及制造和使用它们的方法和处理的最佳方式。但是,该系统和这些方法容许完全等同的与上述公开的内容的修改和替换构造。因此,该系统和这些方法不限于公开的具体实施例。相反,该系统和这些方法覆盖了来自由以下权利要求普遍表达的该系统和方法的精神和范围的所有修改和替换的构造,该权利要求具体指出和清楚地要求该系统和方法的主题。 The foregoing description, presented in sufficient, clear, concise and precise terms to enable those skilled in the art to make the systems and use the methods, is conceived to implement the present systems and methods for protecting digital content, and to make and use them methods and the best way to deal with them. However, the systems and methods are susceptible to modifications and alternative constructions that are fully equivalent to those disclosed above. Accordingly, the systems and methods are not limited to the particular embodiments disclosed. On the contrary, the systems and methods cover all modifications and alternative constructions coming from the spirit and scope of the systems and methods as generally expressed by the following claims which particularly point out and distinctly claim the subject matter of the systems and methods.
Claims (19)
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/863,714 US8761402B2 (en) | 2007-09-28 | 2007-09-28 | System and methods for digital content distribution |
| US11/863,714 | 2007-09-28 | ||
| PCT/US2008/074428 WO2009045665A1 (en) | 2007-09-28 | 2008-08-27 | System and methods for digital content distribution |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101765845A CN101765845A (en) | 2010-06-30 |
| CN101765845B true CN101765845B (en) | 2015-07-01 |
Family
ID=40042964
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200880100934.5A Active CN101765845B (en) | 2007-09-28 | 2008-08-27 | System and method for digital content distribution |
Country Status (6)
| Country | Link |
|---|---|
| US (1) | US8761402B2 (en) |
| EP (1) | EP2191409A1 (en) |
| JP (1) | JP2010541068A (en) |
| CN (1) | CN101765845B (en) |
| TW (1) | TWI448894B (en) |
| WO (1) | WO2009045665A1 (en) |
Families Citing this family (46)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8312267B2 (en) | 2004-07-20 | 2012-11-13 | Time Warner Cable Inc. | Technique for securely communicating programming content |
| US8266429B2 (en) | 2004-07-20 | 2012-09-11 | Time Warner Cable, Inc. | Technique for securely communicating and storing programming material in a trusted domain |
| US8520850B2 (en) | 2006-10-20 | 2013-08-27 | Time Warner Cable Enterprises Llc | Downloadable security and protection methods and apparatus |
| US8621540B2 (en) | 2007-01-24 | 2013-12-31 | Time Warner Cable Enterprises Llc | Apparatus and methods for provisioning in a download-enabled system |
| US8761402B2 (en) | 2007-09-28 | 2014-06-24 | Sandisk Technologies Inc. | System and methods for digital content distribution |
| JP2010268417A (en) | 2009-04-16 | 2010-11-25 | Toshiba Corp | Recording device, and content-data playback system |
| US20100310076A1 (en) * | 2009-06-04 | 2010-12-09 | Ron Barzilai | Method for Performing Double Domain Encryption in a Memory Device |
| US9083685B2 (en) * | 2009-06-04 | 2015-07-14 | Sandisk Technologies Inc. | Method and system for content replication control |
| US9602864B2 (en) | 2009-06-08 | 2017-03-21 | Time Warner Cable Enterprises Llc | Media bridge apparatus and methods |
| US9866609B2 (en) | 2009-06-08 | 2018-01-09 | Time Warner Cable Enterprises Llc | Methods and apparatus for premises content distribution |
| EP2467799A1 (en) | 2009-08-17 | 2012-06-27 | Cram, Inc. | Digital content management and delivery |
| US8977783B2 (en) * | 2009-10-21 | 2015-03-10 | Media Ip, Llc | High-speed secure content transfer to SD card from kiosk |
| US9595300B2 (en) * | 2009-10-21 | 2017-03-14 | Media Ip, Llc | Contextual chapter navigation |
| US8417937B2 (en) * | 2009-12-10 | 2013-04-09 | General Instrument Corporation | System and method for securely transfering content from set-top box to personal media player |
| US9032535B2 (en) * | 2009-12-31 | 2015-05-12 | Sandisk Technologies Inc. | Storage device and method for providing a scalable content protection system |
| US8898803B1 (en) | 2010-01-11 | 2014-11-25 | Media Ip, Llc | Content and identity delivery system for portable playback of content and streaming service integration |
| US20110270762A1 (en) * | 2010-04-30 | 2011-11-03 | Gsimedia Corporation | Secure Data Transfer From a Vending Device to Portable Data Storage Devices |
| US20110271119A1 (en) * | 2010-04-30 | 2011-11-03 | Gsimedia Corporation | Secure Data Storage and Transfer for Portable Data Storage Devices |
| US9906838B2 (en) | 2010-07-12 | 2018-02-27 | Time Warner Cable Enterprises Llc | Apparatus and methods for content delivery and message exchange across multiple content delivery networks |
| DE102010046229A1 (en) * | 2010-09-23 | 2012-03-29 | Oliver Kömmerling | Method for the encrypted transmission of data from a mobile data carrier to a stationary device and data encryption adapter |
| US20120124386A1 (en) * | 2010-11-16 | 2012-05-17 | Lin Jason T | Method and System for Refreshing Content in a Storage Device |
| US8781119B2 (en) * | 2010-12-14 | 2014-07-15 | Nxp, B.V. | User-controlled Random-ID generation function for smartcards |
| US9092608B2 (en) | 2010-12-14 | 2015-07-28 | Nxp B.V. | Random-ID function for smartcards |
| JP5644467B2 (en) * | 2010-12-20 | 2014-12-24 | ソニー株式会社 | Information processing apparatus, information processing method, and program |
| US8775827B2 (en) | 2011-03-28 | 2014-07-08 | Media Ip, Llc | Read and write optimization for protected area of memory |
| US9633391B2 (en) | 2011-03-30 | 2017-04-25 | Cram Worldwide, Llc | Secure pre-loaded drive management at kiosk |
| US8949879B2 (en) | 2011-04-22 | 2015-02-03 | Media Ip, Llc | Access controls for known content |
| JP5050114B1 (en) | 2011-04-28 | 2012-10-17 | 株式会社東芝 | Information recording device |
| US8769705B2 (en) * | 2011-06-10 | 2014-07-01 | Futurewei Technologies, Inc. | Method for flexible data protection with dynamically authorized data receivers in a content network or in cloud storage and content delivery services |
| US9351236B2 (en) * | 2011-07-19 | 2016-05-24 | At&T Intellectual Property I, L.P. | UICC carrier switching via over-the-air technology |
| EP2795510A4 (en) * | 2011-12-22 | 2015-09-02 | Intel Corp | Method and apparatus to using storage devices to implement digital rights management protection |
| US9270657B2 (en) | 2011-12-22 | 2016-02-23 | Intel Corporation | Activation and monetization of features built into storage subsystems using a trusted connect service back end infrastructure |
| US9167050B2 (en) * | 2012-08-16 | 2015-10-20 | Futurewei Technologies, Inc. | Control pool based enterprise policy enabler for controlled cloud access |
| US9565472B2 (en) | 2012-12-10 | 2017-02-07 | Time Warner Cable Enterprises Llc | Apparatus and methods for content transfer protection |
| US20140282786A1 (en) | 2013-03-12 | 2014-09-18 | Time Warner Cable Enterprises Llc | Methods and apparatus for providing and uploading content to personalized network storage |
| WO2015116855A1 (en) * | 2014-01-29 | 2015-08-06 | Intertrust Technologies Corporation | Secure application processing systems and methods |
| US20150242595A1 (en) * | 2014-02-25 | 2015-08-27 | Hui Lin | Secure data storage and transfer for portable data storage devices |
| US9621940B2 (en) | 2014-05-29 | 2017-04-11 | Time Warner Cable Enterprises Llc | Apparatus and methods for recording, accessing, and delivering packetized content |
| US20160105400A1 (en) * | 2014-10-08 | 2016-04-14 | Time Warner Cable Enterprises Llc | Apparatus and methods for data transfer beteween a plurality of user devices |
| WO2016103221A1 (en) * | 2014-12-23 | 2016-06-30 | Data Locker Inc. | Computer program, method, and system for secure data management |
| US10140429B2 (en) * | 2015-06-17 | 2018-11-27 | Adobe Systems Incorporated | Unified digital rights management for heterogenous computing platforms |
| US10263968B1 (en) * | 2015-07-24 | 2019-04-16 | Hologic Inc. | Security measure for exchanging keys over networks |
| US20170054560A1 (en) * | 2015-08-23 | 2017-02-23 | Hui Lin | Secure data storage and transfer for portable data storage devices |
| WO2017122361A1 (en) * | 2016-01-15 | 2017-07-20 | 富士通株式会社 | Security device and control method |
| US20190190703A1 (en) * | 2017-12-18 | 2019-06-20 | Auton, Inc. | Systems and methods for using an out-of-band security channel for enhancing secure interactions with automotive electronic control units |
| US10827355B2 (en) | 2017-12-28 | 2020-11-03 | Auton, Inc. | Systems and methods for reliably providing a control channel for communicating control information with automotive electronic control units |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050005148A1 (en) * | 1998-07-30 | 2005-01-06 | Sony Corporation | Contents processing system |
| CN1599313A (en) * | 2004-08-01 | 2005-03-23 | 常志文 | Password dynamic enciphering inputmethod of public emipering mode |
| CN101019368A (en) * | 2004-07-14 | 2007-08-15 | 英特尔公司 | Method of delivering direct proof private keys to devices using a distribution CD |
Family Cites Families (87)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5802175A (en) * | 1996-09-18 | 1998-09-01 | Kara; Salim G. | Computer file backup encryption system and method |
| JP3216607B2 (en) * | 1998-07-29 | 2001-10-09 | 日本電気株式会社 | Digital work distribution system and method, digital work reproduction apparatus and method, and recording medium |
| US8060926B1 (en) * | 1999-03-16 | 2011-11-15 | Novell, Inc. | Techniques for securely managing and accelerating data delivery |
| US7073063B2 (en) * | 1999-03-27 | 2006-07-04 | Microsoft Corporation | Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out/checking in the digital license to/from the portable device or the like |
| US7631195B1 (en) * | 2006-03-15 | 2009-12-08 | Super Talent Electronics, Inc. | System and method for providing security to a portable storage device |
| JP4406799B2 (en) | 1999-09-07 | 2010-02-03 | ソニー株式会社 | Information providing system and information providing apparatus |
| US7013389B1 (en) * | 1999-09-29 | 2006-03-14 | Cisco Technology, Inc. | Method and apparatus for creating a secure communication channel among multiple event service nodes |
| US7278016B1 (en) * | 1999-10-26 | 2007-10-02 | International Business Machines Corporation | Encryption/decryption of stored data using non-accessible, unique encryption key |
| EP1233569B1 (en) * | 1999-11-17 | 2009-01-07 | Fujitsu Limited | Data distribution system and record medium used in the same |
| WO2001041356A1 (en) | 1999-12-02 | 2001-06-07 | Sanyo Electric Co., Ltd. | Memory card and data distribution system using it |
| EP1237325A4 (en) * | 1999-12-03 | 2007-08-29 | Sanyo Electric Co | DATA DISTRIBUTION SYSTEM AND RECORDER FOR USE IN THIS SYSTEM |
| WO2001043339A1 (en) | 1999-12-07 | 2001-06-14 | Sanyo Electric Co., Ltd. | Device for reproducing data |
| US6968459B1 (en) * | 1999-12-15 | 2005-11-22 | Imation Corp. | Computing environment having secure storage device |
| JP2001184314A (en) | 1999-12-27 | 2001-07-06 | Sony Corp | Information utilizing terminal, device and system for preserving and distributing information and recording medium |
| US6865550B1 (en) * | 2000-02-03 | 2005-03-08 | Eastman Kodak Company | System for secure distribution and playback of digital data |
| JP4348818B2 (en) * | 2000-03-10 | 2009-10-21 | ソニー株式会社 | Data distribution system and method, and data recording medium |
| CA2310188A1 (en) * | 2000-05-30 | 2001-11-30 | Mark J. Frazer | Communication structure with channels configured responsive to reception quality |
| MXPA02001533A (en) * | 2000-06-15 | 2002-07-02 | Sony Corp | System and method for processing information using encryption key block. |
| EP2511823A3 (en) * | 2000-06-16 | 2012-11-07 | Entriq, Inc. | Methods and systems to distribute content via a network utilizing distributed conditional access agents and secure agents, and to perform digital rights management (DRM) |
| US7389531B2 (en) | 2000-06-16 | 2008-06-17 | Entriq Inc. | Method and system to dynamically present a payment gateway for content distributed via a network |
| US7215771B1 (en) * | 2000-06-30 | 2007-05-08 | Western Digital Ventures, Inc. | Secure disk drive comprising a secure drive key and a drive ID for implementing secure communication over a public network |
| US6871278B1 (en) * | 2000-07-06 | 2005-03-22 | Lasercard Corporation | Secure transactions with passive storage media |
| US6981152B2 (en) * | 2000-07-28 | 2005-12-27 | 360 Degree Web, Inc. | Smart card security information configuration and recovery system |
| US7010808B1 (en) * | 2000-08-25 | 2006-03-07 | Microsoft Corporation | Binding digital content to a portable storage device or the like in a digital rights management (DRM) system |
| JP2002094499A (en) * | 2000-09-18 | 2002-03-29 | Sanyo Electric Co Ltd | Data terminal device and headphone device |
| US7149722B1 (en) * | 2000-09-28 | 2006-12-12 | Microsoft Corporation | Retail transactions involving distributed and super-distributed digital content in a digital rights management (DRM) system |
| US6986040B1 (en) | 2000-11-03 | 2006-01-10 | Citrix Systems, Inc. | System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel |
| JP2002169912A (en) | 2000-11-30 | 2002-06-14 | Hitachi Ltd | Encryption / decryption device, billing device, and content distribution system |
| JP4710132B2 (en) * | 2000-12-26 | 2011-06-29 | ソニー株式会社 | Information processing system, information processing method, and program recording medium |
| US7062622B2 (en) * | 2001-06-29 | 2006-06-13 | Microsoft Corporation | Protection of content stored on portable memory from unauthorized usage |
| MXPA03011964A (en) * | 2001-07-05 | 2004-03-26 | Matsushita Electric Ind Co Ltd | Recording apparatus, medium, method, and related computer program. |
| JP4224262B2 (en) | 2001-07-09 | 2009-02-12 | パナソニック株式会社 | Digital information protection system, recording medium device, transmission device, and playback device |
| US7036020B2 (en) * | 2001-07-25 | 2006-04-25 | Antique Books, Inc | Methods and systems for promoting security in a computer system employing attached storage devices |
| US20030188183A1 (en) * | 2001-08-27 | 2003-10-02 | Lee Lane W. | Unlocking method and system for data on media |
| DE10200288A1 (en) * | 2002-01-07 | 2003-07-17 | Scm Microsystems Gmbh | A device for executing applications that include secure transactions and / or access control to valuable content and / or services and methods for protecting such a device |
| JP4370800B2 (en) | 2003-04-21 | 2009-11-25 | ヤマハ株式会社 | Music content utilization apparatus and program |
| DE10330089B4 (en) * | 2003-07-03 | 2014-02-27 | Bt Ignite Gmbh & Co. | Method and apparatus for transmitting decryption codes for freely transmitted, encrypted program content to uniquely identifiable recipients |
| WO2005008385A2 (en) * | 2003-07-07 | 2005-01-27 | Cryptography Research, Inc. | Reprogrammable security for controlling piracy and enabling interactive content |
| GB2404489A (en) | 2003-07-31 | 2005-02-02 | Sony Uk Ltd | Access control for digital storage medium content |
| JP4369191B2 (en) | 2003-09-26 | 2009-11-18 | 株式会社ルネサステクノロジ | Terminal device and authentication system |
| US7549044B2 (en) * | 2003-10-28 | 2009-06-16 | Dphi Acquisitions, Inc. | Block-level storage device with content security |
| JP2007528525A (en) * | 2004-01-08 | 2007-10-11 | 松下電器産業株式会社 | Content management device |
| KR20050094273A (en) * | 2004-03-22 | 2005-09-27 | 삼성전자주식회사 | Digital rights management structure, handheld storage deive and contents managing method using handheld storage device |
| JP2005275441A (en) | 2004-03-22 | 2005-10-06 | Yamaha Corp | Electronic musical device and program for realizing control method therefor |
| KR20050096040A (en) * | 2004-03-29 | 2005-10-05 | 삼성전자주식회사 | Method for playbacking content using portable storage by digital rights management, and portable storage for the same |
| CN101002422B (en) * | 2004-07-30 | 2010-11-10 | 松下电器产业株式会社 | Recording device, content key processing device, recording medium, and recording method |
| US7630499B2 (en) * | 2004-08-18 | 2009-12-08 | Scientific-Atlanta, Inc. | Retrieval and transfer of encrypted hard drive content from DVR set-top boxes |
| WO2006053304A2 (en) * | 2004-11-12 | 2006-05-18 | Pufco, Inc. | Volatile device keys and applications thereof |
| US8121952B2 (en) * | 2004-12-10 | 2012-02-21 | International Business Machines Corporation | System, method, and service for delivering multimedia content by means of a permission to decrypt titles on a physical media |
| US20060239450A1 (en) * | 2004-12-21 | 2006-10-26 | Michael Holtzman | In stream data encryption / decryption and error correction method |
| AU2006205325A1 (en) * | 2005-01-13 | 2006-07-20 | Samsung Electronics Co., Ltd. | Device and method for digital rights management |
| WO2006077871A1 (en) | 2005-01-20 | 2006-07-27 | Matsushita Electric Industrial Co., Ltd. | Content copying device and content copying method |
| US8832458B2 (en) * | 2005-03-22 | 2014-09-09 | Seagate Technology Llc | Data transcription in a data storage device |
| US7493656B2 (en) * | 2005-06-02 | 2009-02-17 | Seagate Technology Llc | Drive security session manager |
| WO2006129293A1 (en) * | 2005-06-03 | 2006-12-07 | Koninklijke Philips Electronics N.V. | Homomorphic encryption for secure watermarking |
| US7567671B2 (en) * | 2005-06-10 | 2009-07-28 | Aniruddha Gupte | Encryption method and apparatus for use in digital distribution system |
| US8028329B2 (en) * | 2005-06-13 | 2011-09-27 | Iamsecureonline, Inc. | Proxy authentication network |
| US7748031B2 (en) * | 2005-07-08 | 2010-06-29 | Sandisk Corporation | Mass storage device with automated credentials loading |
| EP1911007A1 (en) * | 2005-08-05 | 2008-04-16 | E-Matik S.r.l. | System for rental or sale of multimedia files |
| US20070056042A1 (en) * | 2005-09-08 | 2007-03-08 | Bahman Qawami | Mobile memory system for secure storage and delivery of media content |
| EP1934878A2 (en) | 2005-09-08 | 2008-06-25 | SanDisk Corporation | Mobile memory system for secure storage and delivery of media content |
| JP4848163B2 (en) * | 2005-09-29 | 2011-12-28 | ヒタチグローバルストレージテクノロジーズネザーランドビーブイ | Content data management system and apparatus |
| GB2431254A (en) * | 2005-10-11 | 2007-04-18 | Hewlett Packard Development Co | Data transfer system |
| US20070143445A1 (en) * | 2005-12-20 | 2007-06-21 | Dandekar Shree A | Method for offering and refreshing digital content on fixed image platforms |
| JP4893040B2 (en) * | 2006-03-17 | 2012-03-07 | ソニー株式会社 | Encrypted data recording device |
| WO2008021594A2 (en) | 2006-05-08 | 2008-02-21 | Sandisk Corporation | Secure storage digital kiosk distribution |
| IES20070421A2 (en) | 2006-06-13 | 2007-12-21 | Qtelmedia Group Ltd | A method for restricting access to digital content |
| JP2008009303A (en) * | 2006-06-30 | 2008-01-17 | Sony Corp | Content distribution server and content distribution method |
| US8639939B2 (en) * | 2006-07-07 | 2014-01-28 | Sandisk Technologies Inc. | Control method using identity objects |
| US8266711B2 (en) * | 2006-07-07 | 2012-09-11 | Sandisk Technologies Inc. | Method for controlling information supplied from memory device |
| US8140843B2 (en) * | 2006-07-07 | 2012-03-20 | Sandisk Technologies Inc. | Content control method using certificate chains |
| US8627482B2 (en) * | 2006-07-24 | 2014-01-07 | Thomson Licensing | Method, apparatus and system for secure distribution of content |
| JP4341653B2 (en) * | 2006-09-07 | 2009-10-07 | コニカミノルタビジネステクノロジーズ株式会社 | Image processing apparatus, image reading apparatus, image processing method, and image processing program |
| US20080189781A1 (en) * | 2007-02-02 | 2008-08-07 | Sharp Laboratories Of America, Inc. | Remote management of electronic devices |
| RU2339077C1 (en) * | 2007-03-13 | 2008-11-20 | Олег Вениаминович Сахаров | Method of operating conditional access system for application in computer networks and system for its realisation |
| JP2008287519A (en) * | 2007-05-17 | 2008-11-27 | Keiko Ogawa | Data encryption, transmission and saving system and removable medium |
| US20090052670A1 (en) * | 2007-08-21 | 2009-02-26 | Samsung Electronics Co., Ltd. | Method and apparatus for storing digital content in storage device |
| US8761402B2 (en) | 2007-09-28 | 2014-06-24 | Sandisk Technologies Inc. | System and methods for digital content distribution |
| US20090113116A1 (en) * | 2007-10-30 | 2009-04-30 | Thompson E Earle | Digital content kiosk and methods for use therewith |
| US20090132813A1 (en) | 2007-11-08 | 2009-05-21 | Suridx, Inc. | Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones |
| US9183357B2 (en) * | 2008-09-24 | 2015-11-10 | Panasonic Intellectual Property Management Co., Ltd. | Recording/reproducing system, recording medium device, and recording/reproducing device |
| US8194858B2 (en) * | 2009-02-19 | 2012-06-05 | Physical Optics Corporation | Chaotic cipher system and method for secure communication |
| US9083685B2 (en) * | 2009-06-04 | 2015-07-14 | Sandisk Technologies Inc. | Method and system for content replication control |
| US20100310076A1 (en) * | 2009-06-04 | 2010-12-09 | Ron Barzilai | Method for Performing Double Domain Encryption in a Memory Device |
| US20110010770A1 (en) * | 2009-07-10 | 2011-01-13 | Certicom Corp. | System and method for performing key injection to devices |
| JP5572705B2 (en) * | 2009-07-10 | 2014-08-13 | サーティコム コーポレーション | System and method for managing electronic assets |
| US8930692B2 (en) * | 2010-07-23 | 2015-01-06 | Silicon Image, Inc. | Mechanism for internal processing of content through partial authentication on secondary channel |
-
2007
- 2007-09-28 US US11/863,714 patent/US8761402B2/en active Active
-
2008
- 2008-08-27 EP EP08835108A patent/EP2191409A1/en not_active Ceased
- 2008-08-27 JP JP2010526993A patent/JP2010541068A/en active Pending
- 2008-08-27 CN CN200880100934.5A patent/CN101765845B/en active Active
- 2008-08-27 WO PCT/US2008/074428 patent/WO2009045665A1/en active Application Filing
- 2008-08-29 TW TW097133343A patent/TWI448894B/en not_active IP Right Cessation
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050005148A1 (en) * | 1998-07-30 | 2005-01-06 | Sony Corporation | Contents processing system |
| CN101019368A (en) * | 2004-07-14 | 2007-08-15 | 英特尔公司 | Method of delivering direct proof private keys to devices using a distribution CD |
| CN1599313A (en) * | 2004-08-01 | 2005-03-23 | 常志文 | Password dynamic enciphering inputmethod of public emipering mode |
Also Published As
| Publication number | Publication date |
|---|---|
| EP2191409A1 (en) | 2010-06-02 |
| US20090086978A1 (en) | 2009-04-02 |
| CN101765845A (en) | 2010-06-30 |
| TWI448894B (en) | 2014-08-11 |
| JP2010541068A (en) | 2010-12-24 |
| US8761402B2 (en) | 2014-06-24 |
| WO2009045665A1 (en) | 2009-04-09 |
| TW200915127A (en) | 2009-04-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101765845B (en) | System and method for digital content distribution | |
| US9853953B2 (en) | Method of transferring rights object and electronic device | |
| US8296240B2 (en) | Digital rights management dongle | |
| CN101821746B (en) | Device and method for backup of rights objects | |
| US9015479B2 (en) | Host device and method for super-distribution of content protected with a localized content encryption key | |
| US20100310076A1 (en) | Method for Performing Double Domain Encryption in a Memory Device | |
| US20110060921A1 (en) | Data Encryption Device | |
| CN101578608B (en) | Methods and apparatuses for accessing content based on a session ticket | |
| US20130156196A1 (en) | Storage Device and Method for Super-Distribution of Content Protected with a Localized Content Encyrption Key | |
| TW201135741A (en) | Storage device and method for providing a scalable content protection system | |
| US9083685B2 (en) | Method and system for content replication control | |
| US20100166189A1 (en) | Key Management Apparatus and Key Management Method | |
| US20070113097A1 (en) | [storage media] | |
| TWI377576B (en) | Security flash memory with an apparatus for encryption and decryption, and method for accessing security flash memory | |
| CN101617318A (en) | Be used for method and apparatus that content and licence are linked | |
| TWI441037B (en) | Methods and apparatuses for accessing content based on a session ticket | |
| TWI461949B (en) | A method for generating a parameter configured for use in decrypting content, a method for generating a reference to a cryptographic key, and a host computing device | |
| WO2012030296A2 (en) | Electronic encryption device and method | |
| KR20070022252A (en) | Safe Portable Electronic Reference Device | |
| TW201421276A (en) | Method for processing data | |
| KR20080032786A (en) | Portable storage media for secure storage and use of D R M applied content |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: SANDISK TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: SANDISK CORP. Effective date: 20120621 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20120621 Address after: Texas, USA Applicant after: SANDISK TECHNOLOGIES Inc. Address before: California, USA Applicant before: Sandisk Corp. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee | ||
| CP01 | Change in the name or title of a patent holder |
Address after: Texas, USA Patentee after: SANDISK TECHNOLOGIES LLC Address before: Texas, USA Patentee before: SANDISK TECHNOLOGIES Inc. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20250324 Address after: U.S.A. Patentee after: SANDISK TECHNOLOGIES Inc. Country or region after: U.S.A. Address before: texas Patentee before: SANDISK TECHNOLOGIES LLC Country or region before: U.S.A. |